
YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

Most of my Apple devices' hostnames would change over time by adding a number to the end of the hostname which is incremented continuously.

Thus AirPrint stopped working reliably since the printer's Bonjour name is changing permanently. I have not had the issue before the update.

Same problems here, I haven't been able to figure it out!

It should only be enabled if you have one or two way traffic enabled

I'm having these same issues with incrementing hostnames and Bonjour printer access not working. Neither one-way nor two-way traffic is enabled.
 
I think the Avahi reflector is enabled regardless of the two/one-way traffic options. A quick fix for now, which might have to be reapplied after the next update, is to edit
Code:
/jffs/scripts/avahi-daemon.postconf
and change the "enable-reflector=yes" to "enable-reflector=no".
After a reboot the issues disappeared.
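
As an added example (not part of the post above and not YazFi's own code): the reflector relays mDNS between the guest and main networks, so it is worth checking after each update whether it is still on. This shell sketch reads the `enable-reflector=` key that the post edits and turns it off in the `[reflector]` section only; the config path is passed as an argument and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not YazFi code): audit and switch off Avahi's mDNS reflector.
# The file path is passed in; the sample config below is constructed.

# Print "yes"/"no" as set in the [reflector] section, or "unset" (Avahi's default is no).
reflector_state() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[reflector\]/); next }
        in_sec && /^[ \t]*enable-reflector[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); state = $0
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Rewrite only the active enable-reflector line inside [reflector]; comments and
# other sections are left untouched. Safe to run repeatedly.
disable_reflector() {
    tmp="$1.tmp.$$"
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[reflector\]/) }
        in_sec && /^[ \t]*enable-reflector[ \t]*=/ { print "enable-reflector=no"; next }
        { print }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Constructed sample resembling an avahi-daemon.conf with the reflector on.
write_sample_conf() {
    cat > "$1" <<'EOF'
[server]
use-ipv4=yes
allow-interfaces=br0,wl0.1

[reflector]
# enable-reflector=no
enable-reflector=yes
EOF
}

demo=$(mktemp)
write_sample_conf "$demo"
echo "before: $(reflector_state "$demo")"
disable_reflector "$demo"
echo "after:  $(reflector_state "$demo")"
rm -f "$demo"
```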
 
Hm I'll check, the postconf file should have the line deleted
 
No, AiMesh doesn't support Guest networks. Asus is supposed to be working on this, hopefully, it will be released soon(ish). :)
L&LD is that a rumour, wishful thinking or something we really can expect? :-D
 
A couple of posts I read a while back about that seemed to be genuine, but when we'll get that nobody seems to know. :)
 
I have done that and updated to 4.0.3, the postconf file has not been changed/deleted. However when I apply the script manually there is the following error:
Code:
YazFi: wl1.1 (SSID: xxxxxxxx) - sending all interface internet traffic over WAN interface

sed: unsupported command Y
YazFi: Forcing YazFi Guest WiFi clients to reauthenticate

After I deleted the file manually and reran the script the error disappeared.
 
Agh sorry I goofed the sed when trying to delete the lines out of postconf. Update pushed to develop
 
v4.0.3 is now available
Changelog:
Code:
CHANGE: Only enable mDNS reflector if a network has one way or two way access enabled
Thanks! Just a note for others— I had to apply YazFi settings (unchanged) for the mDNS reflector change in v4.0.3 to stick.
 
Hi
After the update I see 2 tabs on the webgui:

Sorry: solved with a reboot of the router
 
This looks very useful! I'd like my guest networks to use DoT (stubby). @Jack Yaz how does this work if I have DNS over TLS (stubby) enabled?
 
Hi all,
Firstly, big shout out to Jack for your awesome work and support! This is such a great piece of functionality, appreciate your efforts.

Like most of you, I am trying to leverage guest networks to isolate my IoT devices from the rest of my network.
I am trying to work through an issue where I cannot provide internet access to Guest networks while restricting LAN access, because my upstream WAN router/firewall is located at 192.168.1.3 (on the main 192.168.1.0/24 subnet). The default gateway in my router DHCP server is 192.168.1.3.

The router itself is only acting as a DHCP server and wireless AP.

Does anyone know of a way I can allow access to only the 192.x.x.3 address while restricting access to everything else?

Thank you in advance!

Router /AP : RT-AC68U
WAN Router/
wl01_ENABLED=true
wl01_IPADDR=192.168.2.0
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=8.8.8.8
wl01_DNS2=8.8.4.4
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=
wl01_LANACCESS=false
wl01_CLIENTISOLATION=true


Hi Jack,

Just a thought.
Would it be possible to expose one LAN IP (192.168.1.2/32) by editing one of the lines around line 992-994? As per the post above, everything works fine when LAN access is granted, so this seems to be the acceptable minimum (assuming it would work). Is there a better place to try, like iptables?

Cheers,

Line 992
Code:
ebtables -t broute -D BROUTING -p IPv4 -i "$IFACE" --ip-dst 192.168.1.3/32 --ip-proto tcp -j ACCEPT
 
Hi, Jack. Thank you for such a great script. I'm sorry if I missed this somewhere but I searched around with no direct answer to my questions. Do you mind helping?

1. Is it possible to access the router/webui when connected to one of the guest WiFi networks? My router is on 192.168.2.1 (guest networks start at 192.168.3.1).
2. I enabled "Access Intranet" on guest networks but still cannot do file sharing/SMB between computers. Is this possible?

I see something with iptables/ebtables but have no idea what to do. I have an AC5300 running 384.16 in wireless router mode. Thanks a lot for your help.
 
Hi there!
Love YazFi, especially the ability to route directly to a VPN! Now I am trying a more ambitious project based on YazFi.
I have multiple access points distributed through a building. Three different physical A/P (running FreshTomato) connect to the main router (running Merlin / YazFi). Each access point has two different Virtual Interfaces wl0 wl0.1 with different SSIDs. There's a common room where all the tenants get together and they want access to their own SSIDs. So I was thinking about setting up guest networks with YazFi and then somehow link the individual wlans for each tenant to a YazFi guest network having the same SSID and password. Can I do this, somehow link the SSIDs created by the external A/P with the clone Guest Networks on the Asus main router? This router is the one that handles DHCP for everybody and connects to the internet.
Thanks for any ideas!
BTW I have been searching and then going through the whole thread and still haven't found something similar to what I want to do... hence the question.
 
@marelit and @ppaull can you please edit line 9 of the script (YAZFI_BRANCH) to read "develop" in place of "master", and then use option u ?

https://github.com/jackyaz/YazFi/commit/2feb1f88c5ca89da0569b76d96488eeb9877116b

I'm sorry, I didn't get a notification about this! But thank you, the new version has solved the issue with incrementing client hostnames.

Unfortunately, although it sounds like @marelit's printer issue was resolved, my access to my Brother printer via Airprint is still borked and it seems to have started after YazFi install. I've tried resetting it, nothing has worked. MacOS reports "The printer is in use."
 
Hi there!
Love YazFi, especially the ability to route directly to a VPN! Now I am trying a more ambitious project based on YazFi.
I have multiple access points distributed through a building. Three different physical A/P (running FreshTomato) connect to the main router (running Merlin / YazFi). Each access point has two different Virtual Interfaces wl0 wl0.1 with different SSIDs. There's a common room where all the tenants get together and they want access to their own SSIDs. So I was thinking about setting up guest networks with YazFi and then somehow link the individual wlans for each tenant to a YazFi guest network having the same SSID and password. Can I do this, somehow link the SSIDs created by the external A/P with the clone Guest Networks on the Asus main router? This router is the one that handles DHCP for everybody and connects to the internet.
Thanks for any ideas!
BTW I have been searching and then going through the whole thread and still haven't found something similar to what I want to do... hence the question.
You would need VLANs for this, which YazFi doesn't currently support
 
